Sharing a data-permission request-signing scheme for RESTful services in Spring MVC within an SOA

There are many ways to protect data permissions in RESTful services, especially for JSON request bodies. Below is a detailed walk-through of a request-signature interceptor covering both GET and POST calls in an SOA. Note that what it actually provides is authentication and integrity of the request parameters (a per-application secret is hashed together with the parameters); nothing here encrypts the payload, so confidentiality of the data in transit still depends on TLS.

 

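@Component("dataSignInterceptor")
public class DataSignInterceptor implements MethodInterceptor {
	@Autowired
	private SoaServiceConfigService soaServiceConfigService;

	@Autowired
	private SoaAppSecretService soaAppSecretService;

	@Autowired
	private SoaServiceApplyService soaServiceApplyService;

	/** Request parameter / JSON field carrying the client-computed signature. */
	private static final String SIGN_PARAM = "sign";
	/** Request parameter / JSON field identifying the calling application. */
	private static final String APPNAME_PARAM = "appname";
	/** Key under which the application's secret token is mixed into the signed parameter set. */
	private static final String TOKEN_PARAM = "token";

	/**
	 * Verifies the request signature of any intercepted method annotated with {@link DataSign}.
	 *
	 * <p>The signed parameter set is assembled from the method's {@link HttpServletRequest}
	 * argument (query/form parameters, first value only) and/or its {@link JSONObject} argument
	 * (POST body). Services listed as unmanaged by {@code soaServiceConfigService} bypass the check.
	 * For everything else the client must send {@code sign} and {@code appname}; the application
	 * must have applied for the service and must have a registered secret token. The expected
	 * signature is recomputed over the parameters (minus {@code sign}) plus the token and compared
	 * to the one the client sent.
	 *
	 * <p>Security notes for maintainers:
	 * <ul>
	 *   <li>Nothing in this block binds the signature to a timestamp or nonce, so a captured
	 *       request with a valid signature can be replayed until the token changes.</li>
	 *   <li>The secret token is mixed in as just another parameter and run through
	 *       {@code MD5Utils.paramString} (presumably an MD5 digest, judging by the name). A bare
	 *       hash over secret+data is not an HMAC; prefer an HMAC-SHA256 keyed with the token.</li>
	 *   <li>Only the first value of a multi-valued parameter is signed; extra values are unsigned.</li>
	 * </ul>
	 *
	 * @param mi the intercepted invocation
	 * @return a {@link ResponseVO} carrying a {@link DataSignEnum} code when verification fails,
	 *         otherwise whatever the intercepted method returns
	 * @throws IllegalStateException if a {@code @DataSign} method has no {@link HttpServletRequest}
	 *         argument (the service URL cannot be resolved without it)
	 * @throws Throwable anything thrown by the intercepted method or by JSON body parsing
	 */
	@Override
	public Object invoke(MethodInvocation mi) throws Throwable {
		// Methods without @DataSign are passed through untouched (and without the config lookup).
		if (!mi.getMethod().isAnnotationPresent(DataSign.class)) {
			return mi.proceed();
		}

		HttpServletRequest request = null;
		Map<String, String> params = new HashMap<String, String>();
		for (Object arg : mi.getArguments()) {
			if (arg instanceof HttpServletRequest) {
				request = (HttpServletRequest) arg;
				params.putAll(firstValues(request));
			} else if (arg instanceof JSONObject) {
				// NOTE: a JSON body REPLACES the parameter set collected so far; a request
				// argument that comes later in the argument list is merged into it. This
				// argument-order dependence is preserved from the original signing contract.
				params = jsonToMap((JSONObject) arg);
			}
		}
		if (request == null) {
			// Fail closed: without the request there is no service URL to authorise against.
			throw new IllegalStateException("@DataSign method " + mi.getMethod().getName()
					+ " has no HttpServletRequest argument; cannot resolve the service URL");
		}

		String serviceUrl = stripFirstSegment(request.getServletPath());

		// TODO the unmanaged-service list should come from a cache instead of a query per call.
		if (isUnmanaged(serviceUrl)) {
			return mi.proceed();
		}

		String reqSign = params.get(SIGN_PARAM);
		if (StringUtils.isEmpty(reqSign)) {
			return fail(DataSignEnum.SIGN_NOT_NULL);
		}

		String appname = params.get(APPNAME_PARAM);
		if (StringUtils.isEmpty(appname)) {
			return fail(DataSignEnum.APPNAME_NOT_NULL);
		}

		// Has this application applied for (been granted) this service?
		SoaServiceApply apply = soaServiceApplyService.getServiceApplyByAppname(serviceUrl, appname);
		if (apply == null) {
			return fail(DataSignEnum.APPNAME_NOT_APPLY);
		}

		SoaAppSecret secret = soaAppSecretService.findAppSecretByAppName(appname);
		if (secret == null) {
			return fail(DataSignEnum.APPNAME_NOT_EXISTS);
		}

		// Recompute the signature: "sign" is not a business parameter, so it is dropped, and the
		// application's secret token is added under "token" before hashing. Any client-supplied
		// "token" parameter is overwritten here and therefore cannot influence the result.
		params.remove(SIGN_PARAM);
		params.put(TOKEN_PARAM, secret.getToken());
		String expectedSign = MD5Utils.paramString(params);

		if (!constantTimeEquals(expectedSign, reqSign)) {
			return fail(DataSignEnum.SIGN_NOT_MATCH);
		}

		// Signature verified; run the intercepted method.
		return mi.proceed();
	}

	/**
	 * Collects the request parameters, keeping only the first value of each (this is what the
	 * signature covers). Parameters with no value at all are skipped.
	 */
	private static Map<String, String> firstValues(HttpServletRequest request) {
		Map<String, String> firsts = new HashMap<String, String>();
		Map<String, String[]> raw = request.getParameterMap();
		if (raw == null) {
			return firsts;
		}
		for (Map.Entry<String, String[]> entry : raw.entrySet()) {
			String[] values = entry.getValue();
			if (values != null && values.length > 0) {
				firsts.put(entry.getKey(), values[0]);
			}
		}
		return firsts;
	}

	/**
	 * Parses a JSON request body into a flat parameter map.
	 *
	 * <p>Assumes every top-level value is a string: the map is typed {@code Map<String, String>}
	 * but Jackson does not check element types, so a numeric or nested value would surface later
	 * as a {@link ClassCastException} when the value is read — TODO confirm against real callers.
	 */
	private static Map<String, String> jsonToMap(JSONObject body) throws java.io.IOException {
		ObjectMapper mapper = new ObjectMapper();
		@SuppressWarnings("unchecked")
		Map<String, String> parsed = mapper.readValue(body.toString(), Map.class);
		return parsed;
	}

	/**
	 * Drops the leading path segment of a servlet path, e.g. {@code /soa/user/list} becomes
	 * {@code /user/list}, so the remainder can be matched against configured service URLs.
	 * A path with no second slash is returned unchanged (it used to raise
	 * {@link StringIndexOutOfBoundsException}); an empty or null path is returned as-is.
	 */
	static String stripFirstSegment(String servletPath) {
		if (StringUtils.isEmpty(servletPath)) {
			return servletPath;
		}
		int secondSlash = servletPath.indexOf('/', 2);
		return secondSlash < 0 ? servletPath : servletPath.substring(secondSlash);
	}

	/**
	 * Whether {@code serviceUrl} is on the list of services that are not access-controlled
	 * (and therefore skip signature verification). A null URL never matches.
	 */
	private boolean isUnmanaged(String serviceUrl) {
		List<SoaServiceConfig> unmanaged = soaServiceConfigService.findNoSwitchList();
		if (serviceUrl == null || unmanaged == null) {
			return false;
		}
		for (SoaServiceConfig config : unmanaged) {
			if (serviceUrl.equals(config.getServiceUrl())) {
				return true;
			}
		}
		return false;
	}

	/** Builds the error response returned to the caller for a failed check. */
	private static ResponseVO fail(DataSignEnum reason) {
		return new ResponseVO(reason.getCode(), reason.getMessage(), null);
	}

	/**
	 * Compares two signature strings in constant time so that response timing does not leak how
	 * many leading characters of the attacker's guess were correct. Null on either side is a
	 * mismatch.
	 */
	private static boolean constantTimeEquals(String expected, String provided) {
		if (expected == null || provided == null) {
			return false;
		}
		return java.security.MessageDigest.isEqual(
				expected.getBytes(java.nio.charset.StandardCharsets.UTF_8),
				provided.getBytes(java.nio.charset.StandardCharsets.UTF_8));
	}

	/**
	 * Result codes for signature verification failures.
	 *
	 * <p>The setters are kept for compatibility with existing callers, but note that they mutate
	 * the shared enum constant for the whole JVM; new code should not call them.
	 */
	public enum DataSignEnum {
		SIGN_NOT_NULL(2001, "Signature cannot be null."),
		SIGN_NOT_MATCH(2002, "Signature does not match, the data passed has been tampered with."),
		APPNAME_NOT_NULL(2003, "The application name cannot be empty."),
		APPNAME_NOT_EXISTS(2004, "The application name does not exist."),
		APPNAME_NOT_APPLY(2005, "The current application does not have permission to access this service, please contact the administrator for service application.");

		/** Numeric status code sent back to the client. */
		private int code;
		/** Human-readable message sent back to the client. */
		private String message;

		private DataSignEnum(int code, String message) {
			this.code = code;
			this.message = message;
		}

		public int getCode() {
			return code;
		}

		public void setCode(int code) {
			this.code = code;
		}

		public String getMessage() {
			return message;
		}

		public void setMessage(String message) {
			this.message = message;
		}
	}

}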

 

That concludes the example.
